I've updated my macOS from Catalina to Big Sur and since then i also had to upgrade from the VMware fusion 11 to VMware fusion 12.
I've been using expressVPN for couple of months and usually i connect the host machine to the VPN and then i'm also able to have my guest machines under the VPN, but it's happening that now every time i connect to the VPN the guest machines simply can't access the network anymore. Any idea how to solve this issue?
Vmware machines network configurations:
The technical preview resolves the NAT issue for me. I only use the VM as a passthrough for network isolation, so I cannot speak to other compatibilities.
@dlhotka correct. From the release notes, I didn't get the impression from the build that it was a v12 beta: VMware-Fusion-e.x.p-16530630.dmg
Apple has been progressively deprecating 3rd party Kernel Extensions or “kexts” which Fusion needs to run VMs and containers. In order to continue to operate in this model, we’ve re-architected our hypervisor stack to leverage Apple’s native hypervisor APIs, allowing us to run VMs without any kernel extensions.
Currently I am running Big Sur with Cisco Anyconnect 4.9.0443 and Fusion 12.1
To date I have tried the following and have yet to find a working solution -
1. pfctl commands (In my situation they were already established)
sudo pfctl -a com.apple.internet-sharing/shared_v4 -s nat 2>/dev/null
nat on utun6 inet from 172.16.99.0/24 to any -> (utun6:0) extfilter ei
nat on en8 inet from 172.16.99.0/24 to any -> (en8:0) extfilter ei
no nat on bridge100 inet from 172.16.99.1 to 172.16.99.0/24
2. static ip vs dhcp address on VM guest OS.
3. Upgrading to Fusion 12.1
Current network setup -
Vmware - 172.16.99.0/24
Mac (en8) - 192.168.1.0/24
Utun6 (anyconnect) 10.210.170.0/24
I see the packets on the bridge as the 172.16.99.0/24 address going to external addresses or intranet addresses (anyconnect).
With external addresses - On the mac interface en8, the same 172.16.99.0/24 address appears which doesnt look like the pfctl nat is being applied correctly.
With intranet addresses (anyconnect) - On the anyconnect interface there are no packets being seen.
VMware's workaround is to connect the vpn client from the vmware os, and not the host os.
Is there another solution that I have yet to try?
I upgraded to 12.1 and this is what I'm seeing: I have multiple NAT configured VMs. From a completely powered off state, I boot one at a time. NAT interface works for the first NAT interface to come up, but none of the other machines NAT interfaces work. All machines get proper IP association and DHCP. I have to shut down everything, close Fusion, and bring the ONE machine that I want to use back online from powered down state. Hopefully this helps with some diagnostics.
More experimenting. If I create an isolated NAT network for each VM on the host, I can get network to work on each individual VM simultaneously. I don't need the VMs to talk to one another, so this workaround is fine for me, for now.